@ARTICLE{ferraiolo:rbac,
  author = {David F. Ferraiolo and Ravi S. Sandhu and Serban I. Gavrila and D.
	Richard Kuhn and Ramaswamy Chandramouli},
  title = {Proposed {NIST} standard for role-based access control},
  journal = {ACM Transactions on Information and System Security},
  year = {2001},
  volume = {4},
  pages = {224-274},
  number = {3}
}

@inproceedings{dac,
    author = {B. Lampson},
    title = {Protection},
    booktitle = {Proceedings of the 5th Princeton Conference on Information Sciences and Systems}, 
    year = {1971},
}

@inproceedings{mac, 
  author = {Bell, E. D. and La Padula, J. L.},
  title = {Secure computer system: Unified exposition and Multics interpretation},
  publisher = {Mitre Corporation},
  year = {1976}, 
}


@inproceedings{mac1,
  author =       {Biba, K. J.},
  title =        {Integrity Considerations for Secure Computer Systems},
  edition = {ESD-TR-76-372},
  organisation = {MITRE Corp},
  year =         {1977},
}

@INPROCEEDINGS{legacy,
  author = {Traon, Yves Le and Mouelhi, Tejeddine and Pretschner, Alexander and
	Baudry, Benoit},
  title = {Test-Driven Assessment of Access Control in Legacy Applications},
  booktitle = {Proc. the 2008 International Conference on Software Testing, Verification,
	and Validation},
  year = {2008},
  pages = {238--247},
}
@inproceedings{rbac,
    author = {David F. Ferraiolo and Ravi Sandhu and Serban Gavrila and D. Richard Kuhn and Ramaswamy Chandramouli},
    title = {Proposed NIST Standard for Role-Based Access Control},
    year = {2001},
}

@inproceedings{rbac1,
    author = {Ravi Sandhu and Edward Coyne and Hal Feinstein and Charles Youman},
     title = {Role-Based Access Control Models},
    journal = {{IEEE} Computer},
    volume = {29},
    number = {2},   
    year = {1996},
    pages = {38--4},
}

	
@inproceedings{orbac,
  author    = {Anas Abou El Kalam and
               Salem Benferhat and
               Alexandre Mi{\`e}ge and
               Rania El Baida and
               Fr{\'e}d{\'e}ric Cuppens and
               Claire Saurel and
               Philippe Balbiani and
               Yves Deswarte and
               Gilles Trouessin},
  title     = {Organization based access contro},
  booktitle = {POLICY},
  year      = {2003},
}


@INPROCEEDINGS{policymanagement,
  author = {Junaid Chaudhry and Themis Palpanas and Periklis Andritsos and Antonio
	Mana},
  title = {Entity Lifecycle Management for OKKAM},
  booktitle = {Proc. 1st IRSW2008 International Workshop on Tenerife},
  year = {2008}
}

@INPROCEEDINGS{codec,
  author = {Fisler, Kathi and Krishnamurthi, Shriram and Meyerovich, Leo A. and
	Tschantz, Michael Carl},
  title = {Verification and change-impact analysis of access-control policies},
  booktitle = {Proc. 27th International Conference on Software Engineering},
  year = {2005},
  pages = {196--205}
}

@ARTICLE{scalabilityaccesscontrol,
  author = {Keromytis, Angelos D. and Smith, Jonathan M.},
  title = {Requirements for scalable access control and security management
	architectures},
  journal = {ACM Trans. Internet Technol.},
  year = {2007},
  volume = {7},
  month = {May},
  issue = {2}
}

@INPROCEEDINGS{decomposition,
  author = {Lin, Dan and Rao, Prathima and Bertino, Elisa and Li, Ninghui and
	Lobo, Jorge},
  title = {Policy decomposition for collaborative access control},
  booktitle = {Proc. 13th ACM Symposium on Access Control Models and Technologies},
  year = {2008},
  pages = {103--112}
}

@INPROCEEDINGS{Xengine,
  author = {Alex X. Liu and Fei Chen and JeeHyun Hwang and Tao Xie},
  title = {XEngine: A Fast and Scalable {XACML} Policy Evaluation Engine},
  booktitle = {Proc. International Conference on Measurement and Modeling of Computer
	Systems},
  year = {2008},
  pages = {265--276}
}

@INPROCEEDINGS{clustering,
  author = {Marouf, Said and Shehab, Mohamed and Squicciarini, Anna and Sundareswaran,
	Smitha},
  title = {Statistics \& clustering based framework for efficient XACML policy
	evaluation},
  booktitle = {Proc. 10th IEEE International Conference on Policies for Distributed
	Systems and Networks},
  year = {2009},
  pages = {118--125}
}

@INPROCEEDINGS{request,
  author = {Evan Martin and Tao Xie and Ting Yu},
  title = {Defining and Measuring Policy Coverage in Testing Access Control
	Policies},
  booktitle = {Proc. 8th International Conference on Information and Communications
	Security},
  year = {2006},
  pages = {139--158}
}

@INPROCEEDINGS{XACMLstructure,
  author = {Miseldine, Philip L.},
  title = {Automated xacml policy reconfiguration for evaluation optimisation},
  booktitle = {Proc. 4th International Workshop on Software Engineering for Secure
	Systems},
  year = {2008},
  pages = {1--8}
}

@INPROCEEDINGS{models,
  author = {Mouelhi, Tejeddine and Fleurey, Franck and Baudry, Benoit and Traon,
	Yves},
  title = {A Model-Based Framework for Security Policy Specification, Deployment
	and Testing},
  booktitle = {Proc. 11th International Conference on Model Driven Engineering Languages
	and Systems},
  year = {2008},
  pages = {537--552}
}

@INPROCEEDINGS{testcase,
  author = {Mouelhi, Tejeddine and Traon, Yves Le and Baudry, Benoit},
  title = {Transforming and Selecting Functional Test Cases for Security Policy
	Testing},
  booktitle = {Proc. 2009 International Conference on Software Testing Verification
	and Validation},
  year = {2009},
  pages = {171--180}
}

@INPROCEEDINGS{acp,
  author = {Samarati, Pierangela and Vimercati, Sabrina De Capitani di},
  title = {Access Control: Policies, Models, and Mechanisms},
  booktitle = {Revised versions of lectures given during the IFIP WG 1.7 International
	School on Foundations of Security Analysis and Design on Foundations
	of Security Analysis and Design: Tutorial Lectures},
  year = {2001},
  pages = {137--196}
}

@INPROCEEDINGS{legacy,
  author = {Traon, Yves Le and Mouelhi, Tejeddine and Pretschner, Alexander and
	Baudry, Benoit},
  title = {Test-Driven Assessment of Access Control in Legacy Applications},
  booktitle = {Proc. the 2008 International Conference on Software Testing, Verification,
	and Validation},
  year = {2008},
  pages = {238--247}
}

@MISC{separation,
  author = {R. Yavatkar and D. Pendarakis and R. Guerin},
  title = {A Framework for Policy-based Admission Control},
  howpublished = {RFC Editor},
  year = {2000}
}

@MISC{splitter,
  title = {{PolicySplitter Tool}},
  howpublished = {http://www.mouelhi.com/policysplitter.html},
  year = {2011}
}


@MISC{evaluation,
    author = {Tejeddine Mouelhi and Yves Le Traon and Benoit Baudry},
    title = {Transforming and Selecting Functional Test Cases for Security Policy Testing},
    booktitle = {ICST},
    address = {Denver, CO, {\'E}tats-Unis},
    year = {2009},
}

@MISC{epal,
  title = {{IBM, Enterprise Privacy Authorization Language (EPAL), Version 1.2 }},
  howpublished = {http://www.w3.org/Submission/2003/SUBM-EPAL-
20031110},
  year = {2003}
}


@MISC{oasis,
  title = {{OASIS eXtensible Access Control Markup Language (XACML)}},
  howpublished = {http://www.oasis-open.org/committees/xacml/},
  year = {2005}
}

@MISC{sunxacml,
  title = {{Sun's XACML implementation}},
  howpublished = {http://sunxacml.sourceforge.net/},
  year = {2005}
}


@inproceedings{MyABDAC,
 author = {Jahid, Sonia and Gunter, Carl A. and Hoque, Imranul and Okhravi, Hamed},
 title = {MyABDAC: compiling XACML policies for attribute-based database access control},
 booktitle = {Proceedings of the first ACM conference on Data and application security and privacy},
 series = {CODASPY '11},
 year = {2011},
 isbn = {978-1-4503-0466-5},
 location = {San Antonio, TX, USA},
 pages = {97--108},
 numpages = {12},
} 

@INPROCEEDINGS{largesystems,
    author = {Glenn Ammons and Jong-deok Choi and Manish Gupta and Nikhil Swamy},
    title = {Finding and removing performance bottlenecks in large systems},
    booktitle = {In Proceedings of ECOOP},
    year = {2004},
    publisher = {Springer}
}
